CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 23CVE-2017-7269 – Microsoft Windows Server Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2017-7269
27 Mar 2017 — Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If:
CVSS: 7.5EPSS: 87%CPEs: 2EXPL: 2CVE-2010-1899 – Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)
https://notcve.org/view.php?id=CVE-2010-1899
15 Sep 2010 — Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." Vulnerabilidad de consumo en la pila en la aplicación ASP de Microsoft Internet Information Services (IIS) v5.1, v6.0, v7.0, y v7.5 permite a atacantes remotos causar una denegación de servicio (parad... • https://packetstorm.news/files/id/180584 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 33%CPEs: 17EXPL: 0CVE-2010-1256
https://notcve.org/view.php?id=CVE-2010-1256
08 Jun 2010 — Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." Vulnerabilidad no especificada en Microsoft IIS 6.0, 7.0 y 7.5 cuando la Protección Extended por Autenticación está habilitada, permite a usuarios autenticados en remoto ejecutar código de su elec... • http://www.securityfocus.com/bid/40573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 5%CPEs: 1EXPL: 1CVE-2003-1582
https://notcve.org/view.php?id=CVE-2003-1582
05 Feb 2010 — Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. Microsoft Internet Information Services (IIS) v6.0, cuando la resolución DNS es activada para direcciones IP de clientes, pemrite a atacantes remotos ejecutar texto de su el... • http://www.securityfocus.com/archive/1/313867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 78%CPEs: 19EXPL: 6CVE-2009-3023 – Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow
https://notcve.org/view.php?id=CVE-2009-3023
31 Aug 2009 — Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." Un desbordamiento de búfer en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 6.0, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de un com... • https://www.exploit-db.com/exploits/9559 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2008-0074
https://notcve.org/view.php?id=CVE-2008-0074
12 Feb 2008 — Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. Vulnerabilidad no especificada en Microsoft Internet Information Services (IIS) de 5.0 a 7.0. Permite a usuarios locales conseguir privilegios a través de vectores desconocidos relacionados a notificaciones de cambios de archivos en las carpetas TPRoot, NNTPFile\Root, or WWWR... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 0CVE-2008-0075
https://notcve.org/view.php?id=CVE-2008-0075
12 Feb 2008 — Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. Vulnerabilidad sin especificar en Microsoft Internet Information Services (IIS) de 5.1 a 6.0. Permite a atacantes remotos ejecutar código de su elección a través de entradas manipuladas para páginas ASP. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 53%CPEs: 1EXPL: 0CVE-2007-2897
https://notcve.org/view.php?id=CVE-2007-2897
30 May 2007 — Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS dev... • http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0419.html •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2007-1278
https://notcve.org/view.php?id=CVE-2007-1278
16 Mar 2007 — Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores n... • http://osvdb.org/34039 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-6579
https://notcve.org/view.php?id=CVE-2006-6579
15 Dec 2006 — Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. Microsoft Windows XP tiene pérmisos débiles (FILE_WRITE_DATA y FILE_READ_DATA para cualquiera) para %WINDIR%\pchealth\ERRORREP\QHEADLES, lo cual permite a un usuario local escribir y leer archivos en esta carpet... • http://www.securityfocus.com/archive/1/454268/100/0/threaded •